TRENDING

Too many agencies asleep at the wheel as IPv6 deadline looms

By William Jackson

Sep 20, 2012

With just days to go before the deadline for enabling IPv6 on government public-facing services such as websites, more than half of agencies have made no progress in the transition, according to statistics from the National Institute of Standards and Technology.

At the same time, another deadline is steadily approaching: The disappearance of new IPv4 addresses. On Sept. 14, the RIPE European and Mid-East Internet registry became the second of five Regional Internet Registries to begin allocating its final block of IPv4 addresses, triggering more stringent policies for doling out the remaining addresses. The Asia-Pacific registry reached that landmark last year, and the North American registry expects to reach it next August.

The advice to agencies is simple and obvious: Begin enabling IPv6 now.

“You don’t want to wait until the last minute,” advises Cricket Liu, vice president of architecture at Infoblox. Deadlines aside, managing IPv6 as well as IPv4 on a network requires additional tools and skills and agencies will need time to gain expertise before the volume of IPv6 traffic — now miniscule — begins to grow.

The Internet Protocols are the rules and specifications enabling communication among components on IP networks, including the Internet. Version 4 of the protocols is commonly in use today and the pool of new IPv4 addresses are nearing depletion. This means that future growth on the Internet will require the use of IPv6. But the two protocols are not interoperable, so providers of online resources will have to be able to handle both types of traffic at the same time.

Address translation and tunneling are short-term solutions to this challenge, but in the United States the Office of Management and Budget has set a deadline for agencies to enable the new protocols on public-facing servers and services. That deadline is the end of fiscal 2012, which is September 30, and on all internal networks and applications two years later.

According to NIST, of 1,517 government domains tested as of September 16, 58 percent showed no progress in enabling IPv6. About a third — 34 percent — showed progress and only 8 percent had IPv6 operational.

IPv4 is not going away any time soon and the millions of IPv4 addresses now in use will continue to work for the foreseeable future. But as more IPv6 addresses come into use, websites and other online resources not enabled for the new protocols could become unavailable to users of the new addresses or find themselves isolated behind chokepoints created by translation and tunneling services.

IP addresses are allocated by five Regional Internet Registries. APNIC, which serves the Asia Pacific region, began doling out its last block of about 16 million addresses — termed a /8 (“slash eight”) — in April 2011. With RIPE down to its last /8, “it puts them into a scarcity allocation mode,” Liu said.

RIPE now will allocate only one /22 block of IPv4 addresses — just 1,024 addresses — to each customer, and only if that customer has already received an allocation of IPv6 addresses. This means that blocks of available IPv4 addresses now are so small that for all practical purposes Internet growth in Europe and the Mideast now is in the IPv6 address space.

North America, where the Internet began, has a larger supply of IPv4 addresses, and ARIN, the American Registry for Internet Numbers, as of September 19 had 2.89 of the /8 blocks left. On September 18 this triggered Phase 2 of the registry’s IPv4 countdown plan. This means that smaller requests for IPv4 address allocations will be handled as usual, but any request of /16 (65,536 addresses) or larger will go into a queue for evaluation.

Phase 3 of the countdown plan will begin when two /8 blocks of IPv4 addresses remain, with larger allocations requiring director approval. Phase 4 begins when the registry is down to its final block, probably in less than a year, and will require a review of all allocation requests.

Many vendors have tools, services and advice available to government customers on enabling and managing IPv6 in their networks.

About the Author

William Jackson is freelance writer and the author of the CyberEye blog.